USN-2569-2: Apport vulnerability

apport vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 14.10

Ubuntu 14.04 LTS

Summary

Apport could be tricked into running programs as an administrator.

Software Description

apport - automatically generate crash reports for debugging

Details

USN-2569-1 fixed a vulnerability in Apport. Tavis Ormandy discovered that
the fixed packages were still vulnerable to a privilege escalation attack.
This update completely disables crash report handling for containers until
a more complete solution is available.

Original advisory details:

Stéphane Graber and Tavis Ormandy independently discovered that Apport
incorrectly handled the crash reporting feature. A local attacker could use
this issue to gain elevated privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions: